-
Vulnerability description

vBulletin contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "eventid" parameter is not verified properly in "calendar.php" which can be exploited to manipulate or inject SQL queries.

-
Timeline

Disclosure date:
2004-01-05

Discovery date:
Unknown

Exploit date: Unknown

Fix date: Unknown

-
Solution

Upgrade to version 2.3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

-
Affected program versions

-
Unaffected program versions

VBulletin VBulletin 2.3.4

-
Vulnerability discussion

vBulletin is prone to an SQL-injection vulnerability. As a result, remote attackers may influence the logic and structure of database queries made by the software. Attackers could potentially exploit this issue to compromise the bulletin-board installation, access sensitive information from within the database, or even to launch attacks against the database implementation.

-
Exploit

The following example was provided:

http://www.example.com/[software_installation_path]/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events WHERE eventid = 14) order by eventdate

(Note that the underlying database must support the UNION command for this example to work.)
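The root cause described above is that "eventid" reaches the SQL text without being checked as an integer. The following is an added example, not vBulletin's code: a hypothetical stand-in for the calendar_events table (the column set and sample rows are constructed, not the real schema) shows the flawed string-building pattern next to the hardened version, which validates eventid with an allow-list and then binds it as a query parameter. A small log checker over constructed access-log lines flags calendar.php requests whose eventid is not a plain integer, which is the simplest way to spot probing of this parameter in web server logs.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Hypothetical minimal stand-in for calendar_events; not vBulletin's real schema.
SCHEMA = """
CREATE TABLE calendar_events (
    eventid   INTEGER PRIMARY KEY,
    userid    INTEGER NOT NULL,
    public    INTEGER NOT NULL,
    eventdate TEXT    NOT NULL,
    subject   TEXT    NOT NULL
);
"""

# Constructed sample rows.
SAMPLE_ROWS = [
    (14, 3, 1, "2004-01-05", "Team meeting"),
    (15, 7, 0, "2004-01-06", "Private note"),
]

# An event id is a short, non-negative decimal integer and nothing else.
EVENTID_RE = re.compile(r"[0-9]{1,10}")


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO calendar_events VALUES (?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def build_query_unsafe(eventid_raw: str) -> str:
    # The flawed pattern: the raw request parameter is pasted into the SQL text,
    # so anything after the number becomes part of the query structure.
    return ("SELECT eventid, userid, public, eventdate, subject "
            f"FROM calendar_events WHERE eventid = {eventid_raw}")


def parse_event_id(eventid_raw: str) -> int:
    """Reject anything that is not purely a decimal integer."""
    if not EVENTID_RE.fullmatch(eventid_raw):
        raise ValueError(f"invalid eventid: {eventid_raw!r}")
    return int(eventid_raw)


def lookup_event_safe(conn, eventid_raw: str):
    """Validate first, then bind the value so it can never change the query."""
    eventid = parse_event_id(eventid_raw)
    return conn.execute(
        "SELECT eventid, userid, public, eventdate, subject "
        "FROM calendar_events WHERE eventid = ?",
        (eventid,),
    ).fetchone()


def suspicious_eventid_requests(log_lines):
    """Return (path, decoded eventid) for calendar.php requests whose eventid
    is not a plain integer. Works on Common Log Format request lines."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not parts.path.endswith("/calendar.php"):
            continue
        # parse_qs percent-decodes, so the check sees the value the script would see.
        for value in parse_qs(parts.query, keep_blank_values=True).get("eventid", []):
            if not EVENTID_RE.fullmatch(value):
                hits.append((parts.path, value))
    return hits


# Constructed access-log lines; the second carries the advisory's example, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2004:10:00:01 +0000] "GET /forum/calendar.php?s=&action=edit&eventid=14 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [05/Jan/2004:10:00:02 +0000] "GET /forum/calendar.php?s=&action=edit&eventid=14%20union%20(SELECT%20allowsmilies,public,userid,%270000-0-0%27,version(),userid%20FROM%20calendar_events%20WHERE%20eventid%20=%2014)%20order%20by%20eventdate HTTP/1.1" 200 5120',
    '192.0.2.12 - - [05/Jan/2004:10:00:03 +0000] "GET /forum/index.php HTTP/1.1" 200 1024',
]


if __name__ == "__main__":
    conn = make_db()
    print(lookup_event_safe(conn, "14"))
    try:
        lookup_event_safe(conn, "14 union (SELECT 1)")
    except ValueError as exc:
        print("rejected:", exc)
    for path, value in suspicious_eventid_requests(SAMPLE_LOG):
        print("suspicious:", path, repr(value))
```

The allow-list check is the fix the advisory's upgrade implies for this parameter: once eventid is forced to an integer, the UNION in the example cannot reach the query, and parameter binding keeps it that way even if validation is later loosened. The log check is deliberately strict (anything non-numeric is flagged) so it catches probing with comments, quotes or whitespace as well as the full payload shown above.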

-
Solution

Reportedly, vBulletin version 2.3.4 is not vulnerable to this issue. Users are advised to obtain the immune version from the vendor.